<?xml version='1.0' encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
	<xsl:output
		media-type="text/xml"
		method="xml"
		indent="no"
		omit-xml-declaration="yes"
		encoding="UTF-8" />

	<!--
	When the XML doc contains a top-level node of gxpage-get-authorized-*,
	this stylesheet will produce a page or action list filtered for the current user

	Requires another node of gxpage-user-roles as a direct child of gxpage-get-authorized-*.
	-->

	<xsl:template match="gxpage-get-authorized-pages">
		<SiteTree>
			<PageList>
				<xsl:call-template name="gxpage-get-authorized-pages">
					<xsl:with-param name="list" select="Pages/Page"/>
				</xsl:call-template>
			</PageList>
		</SiteTree>
	</xsl:template>

	<xsl:template match="gxpage-get-authorized-actions">
		<ActionList>
			<xsl:call-template name="gxpage-get-authorized-actions">
				<xsl:with-param name="page" select="@Page"/>
			</xsl:call-template>
		</ActionList>
	</xsl:template>

	<xsl:template match="gxpage-check-permissions">
		<xsl:choose>
			<xsl:when test="gxpage-authorize-item/Action[
								(@Trust = 'Protected' and Auth/*/@ID = //gxpage-user-roles/Auth/*/@ID)
								or not(@Trust = 'Protected')
								]">
				<xsl:text>OK</xsl:text>
			</xsl:when>
			<xsl:when test="gxpage-authorize-item/Page[
								(@Visible = '1' or not(@Visible))
								and (
									(@Trust = 'Protected' and Auth/*/@ID = //gxpage-user-roles/Auth/*/@ID)
									or not(@Trust = 'Protected')
								)
								]">
				<xsl:text>OK</xsl:text>
			</xsl:when>
			<xsl:otherwise>
				<xsl:message terminate="yes">
					<xsl:text>NOT authorized</xsl:text>
				</xsl:message>
			</xsl:otherwise>
		</xsl:choose>
	</xsl:template>

	<xsl:template name="gxpage-get-authorized-pages">
		<xsl:param name="list"/>
		<xsl:for-each select="$list">
			<!--
			Page must be visible AND
			require a role the user has OR is not set to Protected
			-->
			<xsl:if test="(@Visible = '1' or not(@Visible)) and ( (@Trust = 'Protected' and Auth/*/@ID = //gxpage-user-roles/Auth/*/@ID) or not(@Trust = 'Protected') )">
				<Page ID="{@ID}">
					<xsl:copy-of select="*[ name()='Title' or name()='Group' or name()='Description' ]"/>
					<!-- recurse -->
					<xsl:if test="Page">
						<xsl:call-template name="gxpage-get-authorized-pages">
							<xsl:with-param name="list" select="Page"/>
						</xsl:call-template>
					</xsl:if>
					<!-- include the actions for this page -->
					<xsl:call-template name="gxpage-get-authorized-actions">
						<xsl:with-param name="page" select="@ID"/>
					</xsl:call-template>
				</Page>
			</xsl:if>
		</xsl:for-each>
	</xsl:template>

	<xsl:template name="gxpage-get-authorized-actions">
		<xsl:param name="page"/>
		<xsl:for-each select="//Page[ @ID = $page ]/Action">
			<!--
			Action must be visible AND
			require a role the user has OR is not set to Protected
			-->
			<xsl:if test="(@Visible ='1' or not(@Visible)) and ( (@Trust = 'Protected' and Auth/*/@ID = //gxpage-user-roles/Auth/*/@ID) or not(@Trust = 'Protected') )">
				<Action ID="{@ID}">
					<xsl:copy-of select="*[ name()='Title' or name()='Group' or name()='Description' ]"/>
				</Action>
			</xsl:if>
		</xsl:for-each>
	</xsl:template>

</xsl:stylesheet>
